jfeyen Frequent Contributor.

Virusscanner on OES11SP1 and SP2

Hi,

Our Sophos firewall found a botnet on our OES servers running with NSS volumes.
At the moment we have no antivirus on the OES servers. I never thought Linux was so vulnerable to viruses and certainly not on Novell :).

We use McAfee for our workstations which has a Linux scanner.
Sophos for our firewall so we can also use it as Linux scanner.

What is the best to use and what is your experience?

Do you have to exclude certain partitions of the NSS filesystem? Is this for McAfee and for Sophos or is this something from the past?

Tx,

Joeri
Knowledge Partner

Re: Virusscanner on OES11SP1 and SP2

jfeyen;2410266 wrote:
Our Sophos firewall found a botnet on our OES servers running with NSS volumes.
At the moment we have no antivirus on the OES servers. I never thought Linux was so vulnerable to viruses and certainly not on Novell :).

We use McAfee for our workstations which has a Linux scanner.
Sophos for our firewall so we can also use it as Linux scanner.

What is the best to use and what is your experience?

Do you have to exclude certain partitions of the NSS filesystem? Is this for McAfee and for Sophos or is this something from the past?


If you are concerned about security the first thing to note is that General Support for OES11 SP1 ended in January so you really should be using OES11 SP2.

How up to date are your OES servers regarding patches? What botnet was found on your servers? Like Windows, Linux also has security vulnerabilities hence the reason for keeping up to date with versions and patches.

There are two aspects of running something on the OES server - one is to protect the server itself and the second to protect user files in NSS volumes. I've no real experience of running anti-virus software on OES servers - https://www.novell.com/products/openenterpriseserver/partners.html lists partners whose software is verified to supposedly work with OES but users' experiences vary going on posts I've seen in these Forums and elsewhere. You certainly want to make sure that they work with OES11 SP2 and later (OES 2015 was recently released) for all the file access methods/protocols you use (NCP, CIFS/SMB, AFP, WebDAV, HTTP, etc.).

HTH.
jfeyen Frequent Contributor.

Re: Virusscanner on OES11SP1 and SP2

smflood;2410308 wrote:
If you are concerned about security the first thing to note is that General Support for OES11 SP1 ended in January so you really should be using OES11 SP2.

How up to date are your OES servers regarding patches? What botnet was found on your servers? Like Windows, Linux also has security vulnerabilities hence the reason for keeping up to date with versions and patches.

There are two aspects of running something on the OES server - one is to protect the server itself and the second to protect user files in NSS volumes. I've no real experience of running anti-virus software on OES servers - https://www.novell.com/products/openenterpriseserver/partners.html lists partners whose software is verified to supposedly work with OES but users' experiences vary going on posts I've seen in these Forums and elsewhere. You certainly want to make sure that they work with OES11 SP2 and later (OES 2015 was recently released) for all the file access methods/protocols you use (NCP, CIFS/SMB, AFP, WebDAV, HTTP, etc.).

HTH.


Hi Simon,

That's quite fast that the support ends. How long will OES11SP2 be supported?
Did you ever upgrade systems from OES11SP1 to SP2 and how did it go?

Not so up to date, because they are production systems and I'd rather not touch them with updates...
Do you regularly do the updates on your production systems?

I tried both scanners on a test lab:
Sophos Linux scanner V9
McAfeeVSEForLinux-2.0.2

They both work fine on the NSS filesystems.
I like McAfee a bit more because of the web interface with all the options.

Kr,

Joeri
Knowledge Partner

Re: Virusscanner on OES11SP1 and SP2

jfeyen;2410342 wrote:
That's quite fast that the support ends. How long will OES11SP2 be supported?
Did you ever upgrade systems from OES11SP1 to SP2 and how did it go?

Not so up to date, because they are production systems and I'd rather not touch them with updates...
Do you regularly do the updates on your production systems?

I tried both scanners on a test lab:
Sophos Linux scanner V9
McAfeeVSEForLinux-2.0.2

They both work fine on the NSS filesystems.
I like McAfee a bit more because of the web interface with all the options.


OES11 SP1 is still covered for defects but not security patches or product enhancements as it is out of General Support. End of General Support for OES11 SP2 is still to be decided - I'll ask Novell about this. See https://www.novell.com/lifecycle/ and http://support.novell.com/products/openenterpriseserver/support-pack-policy.html

I've upgraded systems from OES11 SP1 to SP2 online via patch channel but others have done so offline via media. I also keep my systems patched up to date, particularly with regards to security fixes.

HTH.
Knowledge Partner

Re: Virusscanner on OES11SP1 and SP2

jfeyen;2410342 wrote:
Hi Simon,

That's quite fast that the support ends. How long will OES11SP2 be supported?
Did you ever upgrade systems from OES11SP1 to SP2 and how did it go?

Not so up to date, because they are production systems and I'd rather not touch them with updates...
Do you regularly do the updates on your production systems?

I tried both scanners on a test lab:
Sophos Linux scanner V9
McAfeeVSEForLinux-2.0.2

They both work fine on the NSS filesystems.
I like McAfee a bit more because of the web interface with all the options.

Kr,

Joeri


I have not used Sophos on the OES servers, but it was integrated into our email gateway and it worked very well. I don't know about its management abilities or its NSS support.

I have used McAfee on OES a while back, and while it worked well, getting it installed was a PITA (but the installation routine has improved quite a bit since then). If you already own McAfee VSE for your workstations, you may be able to get a price break for the Linux server engine, and they can all be managed via ePO.

Some could argue that you should have defense in depth and have Sophos on the servers, and VSE on the workstations in case one misses something the other does not.

IF you do put AV on your OES servers for NSS "protection", make sure that your McAfee VSE on the workstations is NOT set to scan network file shares for viruses otherwise your performance goes in the toilet and it's possible that the AV engines (regardless of what you pick) may fight each other.

Upgrading from OES11 SP1 to OES11 SP2 went very smoothly for us. We used the offline media method.

--Kevin